Gartner Blog Network

Notes From My First Security Summit

by Augusto Barros  |  July 5, 2016  |  2 Comments

I’ve finally found some time to collect my notes and impressions from my first Gartner Security and Risk Management Summit, back in June. I delivered one full session on Vulnerability Management and a short debate session with Anton Chuvakin about outsourcing security operations. We also hosted a roundtable on Vulnerability Management and a workshop on developing security monitoring use cases. On top of that, many one on one meetings with attendees and vendor meetings. Yes, it was a very busy week!

For those that went to the event but couldn’t catch the sessions, they are available on Gartner Events on Demand. If you find time to watch them, feel free to provide feedback on this space too, ok?

Some of my notes from the summit pointed to a couple of trends that I thought would be interesting to share:

  • Many medium organizations still on the “we’re just starting now” mode; yes, it’s 2016, but there are still organizations out there taking their first steps on a security program. It’s interesting to see some common trends from them: challenges on dealing with MSSPs, how to measure the results of their programs, finding the appropriate skills for the team.


  • Vulnerability scan results are still showing too many inconsistencies: yes, it’s 2016 (again) and we’re still seeing many organizations complaining that the results of their VA tools are not reliable and often plagued with false positives. This is an interesting result from a “market for lemons” scenario: it’s too hard for organizations to compare the quality of the results from the scanners available on the market, so there’s no incentive for those vendors to improve on that sense. If you are a VA tool vendor struggling to differentiate from the pack, pay attention to this: find a good way to prove your results are more reliable; there are organizations out there that could see it as a big enough reason to switch from their current solution.

The next event I’ll be presenting is in early August, the security summit in São Paulo. It’ll be fun to meet some old friends there, and a chance to dust off the Portuguese. Hope to see some of you there.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: events  risk-management-programs  vulnerability-management  

Tags: events  sec22  vulnerability-management  

Augusto Barros
Research VP
3 years at Gartner
21 years IT Industry

Augusto Barros is Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. Read Full Bio

Thoughts on Notes From My First Security Summit

  1. […] is old news, but the paper was published right before the maelstrom of the Gartner Security Summit. The paper compares the EDR solutions from 10 vendors (those more visible to Gartner based on […]

  2. […] above quote, from a blog by Augusto Barros on his notes from the Gartner Security and Risk Summit 2016, sounds very scary to […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.